ID

VAR-202103-0912


CVE

CVE-2021-27440


TITLE

GE Reason DR60 hardcoded password vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-24021

DESCRIPTION

The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). Reason DR60 is a centralized, integrated multifunctional digital fault recorder (DFR) launched by GE. GE Reason DR60 firmware versions earlier than 02A04.1 have a hard-coded password vulnerability. No detailed vulnerability information is currently provided.

Trust: 1.53

sources: NVD: CVE-2021-27440 // CNVD: CNVD-2021-24021 // VULMON: CVE-2021-27440

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-24021

AFFECTED PRODUCTS

vendor: ge, model: reason dr60, scope: lt, version: 02a04.1

Trust: 1.0

vendor: ge, model: reason dr60 <02a04.1, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2021-24021 // NVD: CVE-2021-27440

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-27440
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2021-24021
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202103-1370
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-27440
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-27440
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-24021
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-27440
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-24021 // VULMON: CVE-2021-27440 // CNNVD: CNNVD-202103-1370 // NVD: CVE-2021-27440

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.0

problemtype: CWE-259

Trust: 1.0

sources: NVD: CVE-2021-27440

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1370

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202103-1370

PATCH

title: Patch for GE Reason DR60 hardcoded password vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/255311

Trust: 0.6

title: Grid Solutions GE Reason DR60 Repair measures for trust management problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145890

Trust: 0.6

sources: CNVD: CNVD-2021-24021 // CNNVD: CNNVD-202103-1370

EXTERNAL IDS

db: ICS CERT, id: ICSA-21-082-03

Trust: 2.3

db: NVD, id: CVE-2021-27440

Trust: 2.3

db: CNVD, id: CNVD-2021-24021

Trust: 0.6

db: AUSCERT, id: ESB-2021.1005

Trust: 0.6

db: CNNVD, id: CNNVD-202103-1370

Trust: 0.6

db: VULMON, id: CVE-2021-27440

Trust: 0.1

sources: CNVD: CNVD-2021-24021 // VULMON: CVE-2021-27440 // CNNVD: CNNVD-202103-1370 // NVD: CVE-2021-27440

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03

Trust: 2.9

url:https://www.auscert.org.au/bulletins/esb-2021.1005

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/198638

Trust: 0.1

sources: CNVD: CNVD-2021-24021 // VULMON: CVE-2021-27440 // CNNVD: CNNVD-202103-1370 // NVD: CVE-2021-27440

SOURCES

db: CNVD, id: CNVD-2021-24021
db: VULMON, id: CVE-2021-27440
db: CNNVD, id: CNNVD-202103-1370
db: NVD, id: CVE-2021-27440

LAST UPDATE DATE

2024-11-23T21:50:56.745000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-24021, date: 2021-03-31T00:00:00
db: VULMON, id: CVE-2021-27440, date: 2021-03-30T00:00:00
db: CNNVD, id: CNNVD-202103-1370, date: 2021-03-31T00:00:00
db: NVD, id: CVE-2021-27440, date: 2024-11-21T05:57:59.707

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-24021, date: 2021-03-31T00:00:00
db: VULMON, id: CVE-2021-27440, date: 2021-03-25T00:00:00
db: CNNVD, id: CNNVD-202103-1370, date: 2021-03-23T00:00:00
db: NVD, id: CVE-2021-27440, date: 2021-03-25T20:15:12.977